INFOSEC GOVERNANCE RISK COMPLIANCE (GRC) ANALYST – RISK

Responsibilities
- Coordinates review of existing risks, along with treatment plans, to ensure they are being managed in accordance with our policies and standards.
- Provides guidance to business and risk owners in developing appropriate risk treatment plans that reduce risk to the organization.
- Analyzes and documents cyber security threats specific to the organization.
- Produces and interprets common cyber risk assessment and management reports.
- Analyzes information security metrics (KRIs, KPIs) data and discerns patterns in a variety of settings.
- Works with processes and tools for reporting information security KRIs/KPIs, forecasting alignment with the NIST CSF governance structure accurately.
- Follows up on actionable items associated with KRI/KPI information.
- Participates in the development of departmental IT infrastructure and policies based on a business analysis.
- Generates status reports for management to ensure the implementation of IT security policies, standards and procedures.
- Performs information gathering and research on key elements of IT security policies.
- Analyzes the purposes and responsibilities of security technology infrastructure across various functions.
- Identifies the roles and responsibilities of the IT department.
- Identifies specific facilities and equipment used to provide physical security for corporate data.
- Explains the process and structure used to gain information access.
- Describes the roles and functions of various individuals in Information Security Administration.
- Describes basic concepts involved in securing electronic information.
- Describes the rationale for the conduct of information security audits and discusses appropriate ways to answer information security questions concerning audit trails, availability and confidentiality.

Requirements
- At least 1 year of experience in one or more of the following fields: third party risk management (TPRM) and information security risk management.
- 1-2 years of Information Security experience.
- 1-2 years of experience in managing projects.
- Experience in SOX and PCI-DSS controls.
- Great written and verbal communication skills required.
- Ability to communicate in a manner appropriate to audience size or level and via multiple mediums.

Preferred Skills
- Expert with the Microsoft O365 suite of applications; ability to convert raw technology metrics into meaningful reports at a management level.
- Ability to work with technical subject matter experts and translate information to non-technical employees and stakeholders.
- Project management experience and the ability to prioritize and balance multiple projects simultaneously.
- Displays sound judgement with a high level of integrity, ethics, and ability to calmly, diplomatically, and effectively handle stressful situations.
- Demonstrates a degree of creativity with strong, analytical problem-solving skills.
- Excellent verbal, presentation, and written communication skills for both technical and non-technical audiences.
- High familiarity with ISO 27001/2, NIST CSF, PCI-DSS, and other industry standards and frameworks.
- Bachelor's Degree in Information Technology, Computer Science, or Cyber Security is preferred; non-technical degrees with Computer Science fundamentals will be considered combined with technology experience.

Required Certifications
- At least one Information Security certification (or working towards one) such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), etc. required.
source https://www.jobsinmiramar.com/other-general/risk-compliance-sox-pci-d6063d3/
source https://jobsinmiramar.tumblr.com/post/614719020938182656